Privacy Policy and Terms of Use
TERMS AND DEFINITIONS
Automated processing of personal data – processing of personal data with the help of computer facilities.
Blocking of personal data – temporary cessation of personal data processing (except for cases when processing is necessary to clarify personal data).
Personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing.
Impersonalisation of personal data – actions, as a result of which it becomes impossible to determine the belonging of personal data to a particular subject of personal data without using additional information.
Processing of personal data – any action (operation) or set of actions (operations) performed with or without the use of automation means with personal data, including collection, recording, systematisation, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalisation, blocking, deletion, destruction of personal data.
Operator – a state authority, municipal authority, legal or natural person, independently or jointly with other persons organising and (or) carrying out processing of personal data, as well as determining the purposes of personal data processing, composition of personal data subject to processing, actions (operations) performed with personal data.
Personal data – any information relating to a directly or indirectly defined or identifiable natural person (subject of personal data).
Provision of personal data – actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
Dissemination of personal data – actions aimed at disclosure of personal data to an indefinite number of persons.
Transborder transfer of personal data – transfer of personal data to the territory of a foreign country to a foreign government authority, a foreign individual or a foreign legal entity.
Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
1. GENERAL PROVISIONS
This document defines the policy of MN Group LLC (hereinafter referred to as the Operator) with regard to personal data processing and discloses information on the implemented measures to ensure personal data security at the Operator in order to protect human and civil rights and freedoms in the course of personal data processing, including the protection of rights to privacy, personal and family secrecy.
This document "Policy LLC "MN Group" regarding the processing of personal data" (hereinafter - the Policy) is developed in accordance with the Constitution of the Russian Federation (in particular, but not limited to Art. 23, 24), the Labour Code of the Russian Federation (in particular, but not limited to, Art. 65, Art. 86 - 90), the Civil Code of the Russian Federation, Federal Law No. 160-FZ "On Ratification of the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data", Federal Law No. 152-FZ "On Personal Data" (hereinafter - FZ-152), other federal laws and by-laws of the Russian Federation determining cases and specifics of personal data processing and ensuring security and confidentiality of such information, contracts with the Operator's counterparties, Operator's labour contracts with its employees, and other federal laws and by-laws of the Russian Federation.
The purpose of this Policy is to protect the rights of personal data subjects during their processing.
The provisions of this Policy shall be binding on all employees of the Operator who process personal data.
The provisions of this Policy are the basis for the organisation of personal data processing at the Operator, including the development of internal regulatory documents governing the processing and protection of personal data at the Operator.
In the event that certain provisions of this Policy come into conflict with the applicable personal data legislation, the provisions of the applicable legislation shall apply.
Personal data subjects can also send their request to the e-mail address info@fidemrg.com
This Policy is a document to which unrestricted access is provided.
2. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
2.1. Principles of personal data processing
Processing of personal data by the Operator is carried out on the basis of the following principles:
- legality and fairness;
- limiting the processing of personal data to the achievement of specific, predetermined and legitimate purposes;
- prevention of personal data processing incompatible with the purposes of personal data collection;
- preventing the merging of databases containing personal data processed for incompatible purposes;
- processing only those personal data that meet the purposes of their processing;
- compliance of the content and scope of processed personal data with the stated purposes of processing;
- preventing the processing of personal data that are redundant in relation to the stated purposes of their processing;
- ensuring the accuracy, sufficiency and relevance of personal data in relation to the purposes of personal data processing;
- the Operator shall take or ensure that the necessary measures are taken to delete or clarify incomplete or inaccurate personal data;
- destruction of personal data upon achievement of the purposes of their processing or in case of loss of necessity in achievement of these purposes, in case of impossibility for the Operator to eliminate the committed violations of personal data, unless otherwise provided for by the federal law.
2.1.2 Purposes of personal data processing
The Operator collects and processes personal data in order to conduct its business in accordance with the legislation of the Russian Federation and the Company's Charter, including, but not limited to:
- ensuring compliance with legislative and other regulatory legal acts of the Russian Federation, local regulatory acts of the Operator;
- fulfilment of obligations imposed by the legislation of the Russian Federation on the Operator, including those related to the provision of personal data to tax authorities, the Pension and Social Insurance Fund of the Russian Federation, as well as to other state authorities of the Russian Federation;
- regulation of labour relations with the Operator's employees;
- providing the Operator's employees and their family members with additional guarantees and compensations, including voluntary medical insurance and other types of social security;
- preparation, conclusion, execution and termination of contracts with counterparties;
- execution of judicial acts, acts of other state bodies or officials;
- realisation of the rights and legitimate interests of the Operator within the framework of the activities stipulated by the Charter and other local regulatory acts of the Operator;
- for other legitimate purposes.
2.2 Terms and conditions of personal data processing
The Operator processes personal data if at least one of the following conditions is present:
- personal data processing is carried out with the consent of the personal data subject to the processing of his/her personal data;
- processing of personal data is necessary to achieve the purposes stipulated by the international treaty of the Russian Federation or law, to perform and fulfil the functions, powers and duties assigned to the operator by the legislation of the Russian Federation;
- processing of personal data is necessary for the administration of justice, execution of a judicial act, an act of another body or an official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
- processing of personal data is necessary for the execution of an agreement to which the personal data subject is a party or a beneficiary or guarantor, as well as for the conclusion of an agreement at the initiative of the personal data subject or an agreement under which the personal data subject will be a beneficiary or guarantor;
- processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties or for the achievement of socially important goals, provided that the rights and freedoms of the personal data subject are not violated;
- processing of personal data is carried out for statistical or other research purposes, except for the purposes specified in Article 15 of this Federal Law, subject to mandatory depersonalisation of personal data;
- processing of personal data subject to publication or mandatory disclosure in accordance with federal law.
2.3 Confidentiality of personal data
The Operator and other persons who have access to personal data shall not disclose to third parties or disseminate personal data without the consent of the subject of personal data, unless otherwise provided for by federal law.
2.4 Publicly available sources of personal data
For information support purposes, the Operator may create publicly available sources of personal data of personal data subjects, including directories and address books. Publicly available sources of personal data may include, with the written consent of the subject of personal data, his/her surname, name, patronymic, date and place of birth, position, contact telephone numbers, e-mail address and other personal data provided by the subject of personal data.
Information about the subject of personal data shall be excluded at any time from publicly available sources of personal data at the request of the subject of personal data or by decision of a court or other authorised state bodies.
2.5 Processing of personal data authorised by the personal data subject for dissemination
Unrestricted access to personal data is granted by the subject of personal data by giving separate consent to the processing of personal data authorised by the subject for dissemination.
The distribution consent may set out:
- prohibitions on the transfer (except for granting access) of personal data by the Operator to an unlimited number of persons;
- prohibitions on processing or conditions for processing (other than access) of personal data by an unlimited number of persons;
- categories and list of personal data for the processing of which the data subject imposes conditions and prohibitions.
The Operator may not refuse the establishment of such prohibitions and conditions by the subject of personal data. Within 3 working days of receiving the subject's consent, the Operator shall publish information on the conditions of processing and the existence of prohibitions and conditions on personal data processing authorised by the personal data subject for dissemination.
If the consent does not establish prohibitions and conditions of processing, or categories and list of personal data subject to prohibitions and conditions, the data shall be processed by the operator without transfer (dissemination, provision, access) and the possibility of performing other actions with personal data to an unlimited number of persons.
The data subject gives his/her consent directly, or using the system of the Federal Service for Supervision of Communications, Information Technology and mass communications. Silence or inaction is not considered consent to the processing of such personal data.
If personal data has been disclosed to an indefinite number of persons due to an offence, crime or force majeure circumstances, the Operator processing such data (including subsequent dissemination) is obliged to provide evidence of the lawfulness of such processing.
The validity of the consent to the dissemination of personal data ends from the moment the subject sends a request to stop such processing. The following rules and restrictions apply to personal data published on the Operator's website:
- The transfer of personal data to an unlimited number of persons is not prohibited;
- Processing of personal data by an unlimited number of persons is not prohibited;
- personal data received by the Operator may be transferred using information and telecommunication networks.
2.6 Special categories of personal data
Processing by the Operator of special categories of personal data concerning racial, national origin, political opinions, religious or philosophical beliefs, state of health, intimate life is allowed if:
- the personal data subject has consented in writing to the processing of his/her personal data;
- processing of personal data authorised by the subject of personal data for dissemination is carried out in compliance with the prohibitions and conditions stipulated in Article 10.1 of the 152-FZ;
- personal data processing is carried out in accordance with the legislation on state social assistance, labour legislation, pension legislation of the Russian Federation;
- processing of personal data is necessary to protect the life, health or other vital interests of the personal data subject or the life, health or other vital interests of other persons and it is impossible to obtain the consent of the personal data subject;
- processing of personal data is necessary for the establishment or exercise of the rights of the personal data subject or third parties, as well as in connection with the exercise of justice;
- personal data processing is carried out in accordance with the legislation of the Russian Federation on defence, security, counter-terrorism, transport security, anti-corruption, operational and investigative activities, enforcement proceedings, criminal enforcement legislation of the Russian Federation;
- personal data processing is carried out in accordance with the legislation on compulsory types of insurance, insurance legislation.
The processing of special categories of personal data, carried out in the cases provided for in paragraphs 2 and 3 of Article 10 of the FZ-152, shall be immediately stopped if the reasons for which the processing was carried out are eliminated, unless otherwise provided for by federal laws.
Processing of personal data on criminal record may be carried out by the Operator only in cases and in the manner determined in accordance with federal laws.
2.7 Assignment of personal data processing to another person
The Operator has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided for by federal law, on the basis of a contract concluded with this person. The person carrying out personal data processing on behalf of the Operator shall comply with the principles and rules of personal data processing stipulated by the Federal Law-152 and this Policy.
2.8 Processing of personal data of citizens of the Russian Federation
The Operator ensures collection, recording, systematisation, accumulation, storage, clarification (update, change), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation,
2.9. Trans border transfer of personal data
The operator shall notify the authorised body for the protection of the rights of personal data subjects of its intention to carry out trans border transfer of personal data prior to the commencement of trans border personal data transfer activities.
Prior to submitting such notification, the Operator shall be obliged to obtain the following information from the authorities of a foreign state, foreign individuals, foreign legal entities to whom trans-border transfer of personal data is planned:
1. information on measures taken by foreign authorities, foreign natural persons, foreign legal entities, to whom trans border transfer of personal data is planned, on protection of transferred personal data and on conditions of termination of their processing;
2. information on the legal regulation in the field of personal data of the foreign state under whose jurisdiction the authorities of the foreign state, foreign natural persons, foreign legal entities, to whom the trans border transfer of personal data is planned (in case the trans border transfer of personal data to the authorities of the foreign state, foreign natural persons, foreign legal entities under the jurisdiction of the foreign state is planned, not being a
3. information on foreign state authorities, foreign individuals, foreign legal entities to whom trans-border transfer of personal data is planned (name or surname, first name and patronymic, as well as contact telephone numbers, postal addresses and e-mail addresses).
After sending the notification, the Operator has the right to carry out trans-border transfer of personal data to the territories of foreign states specified in such notification, which are parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and which are included in the List of foreign states providing adequate protection of the rights of personal data subjects.
After sending the notification, the Operator, until the expiry of the terms specified in part 9 of Article 12 of the Federal Law No. 152, is not entitled to carry out trans-border transfer of personal data to the territory of the foreign states specified in the notification, which are not parties to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data and are not included in the List of foreign states providing adequate protection of the rights of personal data subjects, except for the case when such trans-border transfer of personal data is necessary.
3. RIGHTS AND OBLIGATIONS
Within the framework of personal data processing, the following rights are defined for the Operator and personal data subjects.
The subject of personal data has the right to:
- receive information regarding the processing of his/her personal data in the manner, form and terms established by the legislation on personal data;
- demand clarification of his/her personal data, blocking or destruction in case the personal data are incomplete, outdated, unreliable, illegally obtained, not necessary for the stated purpose of processing or are used for purposes not previously stated when the subject of personal data gave his/her consent to the processing of personal data;
- take the measures provided for by law to protect his/her rights;
- withdraw his/her consent to the processing of personal data;
- other rights stipulated by the legislation on personal data.
The operator has the right to:
- process the personal data of the personal data subject in accordance with the stated purpose;
- require from the subject of personal data to provide reliable personal data necessary for the execution of the contract, identification of the subject of personal data, as well as in other cases stipulated by the legislation on personal data;
- restrict access of the subject of personal data to his/her personal data in case the subject's access to his/her personal data violates the rights and legitimate interests of third parties, as well as in other cases stipulated by the legislation of the Russian Federation;
- process personal data authorised by the personal data subject for dissemination, taking into account the provisions of Article 10.1. of the 152-FZ;
- process personal data subject to publication or mandatory disclosure in accordance with the legislation of the Russian Federation;
- entrust the processing of personal data to another person with the consent of the personal data subject;
- other rights stipulated by the legislation on personal data.
4. ENSURING THE FULFILMENT OF THE OPERATOR'S OBLIGATIONS AND PERSONAL DATA PROTECTION MEASURES
The security of personal data processed by the Operator is ensured by the implementation of legal, organisational and technical measures necessary and sufficient to ensure the requirements of the federal legislation in the field of personal data protection.
To prevent unauthorised access to personal data, the Operator may apply the following organisational and technical measures:
- appointment of the person responsible for the organisation of personal data processing;
- issuance of documents defining the policy on personal data processing by the Operator, local acts on personal data processing issues, defining for each purpose of personal data processing the categories and list of personal data processed, categories of subjects whose personal data are processed, methods, terms of their processing and storage, procedure for destruction of personal data upon achievement of the purposes of their processing or upon occurrence of other legal grounds, as well as local acts defining the procedure for the destruction of personal data upon achievement of the purposes of their processing or upon occurrence of other legal grounds, as well as local acts defining the categories and list of personal data processed by the Operator.
- application of legal, organisational and technical measures to ensure the security of personal data in accordance with Article 19 of the Federal Law-152;
- ensuring the safety of personal data when storing material carriers of personal data and excluding unauthorised access to them;
- appointment of a person responsible for ensuring the security of personal data in information systems;
- internal control and (or) audit of compliance of personal data processing with the Federal Law-152 and regulatory legal acts adopted in accordance with it, personal data protection requirements, operator's policy on personal data processing, local acts of the operator;
- limiting the number of persons allowed to process personal data;
- familiarisation of the subjects with the requirements of the federal legislation and the Operator's regulatory documents on processing and protection of personal data;
- organisation of accounting, storage and circulation of carriers containing information with personal data;
- identification of threats to personal data security during their processing, formation of threat models on their basis;
- verification of readiness and efficiency of information protection means use;
- differentiation of user access to information resources and software and hardware means of information processing;
- registration and recording of actions of users of personal data information systems;
- use of anti-virus and recovery tools of the personal data protection system;
- organisation of access control to the Operator's territory, security of premises with technical means of personal data processing;
- other methods stipulated by the legislation of the Russian Federation.
5. FINAL PROVISIONS
Other rights and obligations of the Operator in connection with the processing of personal data are determined by the legislation of the Russian Federation in the field of personal data.
The Operator's employees guilty of violating the norms governing the processing and protection of personal data shall bear material, disciplinary, administrative, civil or criminal liability in accordance with the procedure established by federal laws.