POLICY OF THE COMMERCIAL SECURITY CENTER LIMITED LIABILITY COMPANY IN THE FIELD OF PERSONAL DATA PROCESSING AND SECURITY

1. General provisions

1.1. This Policy contains a description of the principles and approaches of the Commercial Security Center Limited Liability Company, location: 12 Goncharnaya str., Moscow, 109240 (hereinafter referred to as the Company) in relation to the processing and protection of personal data, the duties and responsibilities of the Company in carrying out such processing.

1.2. The Company ensures the observance of the rights and freedoms of citizens when processing personal data, including the protection of the rights to privacy, personal and family secrets.

1.3. When processing personal data, the Company strictly adheres to the following principles stipulated by Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data":

- legality of the purposes and methods of personal data processing and good faith;

- compliance of the purposes of personal data processing with the goals pre-defined and declared during the collection of personal data, as well as with the Company's powers;

- compliance of the volume and nature of the personal data being processed, methods of personal data processing with the purposes of personal data processing;

- ensuring the reliability of personal data, their relevance and sufficiency for the purposes of processing, the inadmissibility of processing excessive in relation to the purposes of personal data collection;

- implementation of organizational and technical measures to ensure the security of personal data;

- improving the knowledge of the Company's employees in the field of ensuring the security of personal data during their processing;

- striving for continuous improvement of the personal data protection system.

2. Subjects of personal data and Purposes of personal data processing

2.1. The Company processes personal data of the following categories of subjects:

- candidates for vacant positions;

- employees of the Company, including former ones;

- relatives of the Company's employees;

- employees of the Company;

- clients, representatives of clients;

- counterparties under civil law contracts (representatives of legal entities, individual entrepreneurs, individuals);

- users of the site.

2.2. The main purposes of personal data processing in the Company are:

- reviewing resumes and selecting candidates for a vacant position for further employment in the Company;

- realization of rights and fulfillment of obligations arising in connection with labor relations with employees;

- maintaining corporate information directories;

- issuing bank cards to the Company's employees as part of a "salary project";

- conclusion of civil law contracts with legal entities, individual entrepreneurs, individuals, as well as fulfillment of obligations related to contractual legal relations that are regulated by law or contract;

- processing customer requests;

- conducting marketing events and supporting client programs;

- ensuring interaction with the media;

- analysis of traffic statistics, user activity and optimization of the Company's website;

- implementation of access control on the territory of the Company.

3. Rights and obligations of personal data subjects

3.1. The subject of personal data has the right to:

- to receive information regarding the processing of your personal data;

- to demand correction of incorrect, inaccurate, outdated personal data or destruction of personal data in case of their unlawful processing;

- revoke consent to the processing of personal data;

- to appeal in court any unlawful actions or omissions of the Company in the processing and protection of his personal data.

3.2. The procedure for sending a request by a personal data subject for the provision of information on the processing of personal data is determined by the requirements of Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data". In particular, in accordance with the specified requirements, the request sent to the Company must contain:

- the series, number of the document certifying the identity of the personal data subject, information about the date of issue of the specified document and the issuing authority;

- information confirming the personal data subject's participation in relations with the Company (contract number, date of conclusion of the contract, conditional designation and/or other information), or information otherwise confirming the fact of personal data processing in the Company;

- signature of the personal data subject.

3.3. The personal data subject is responsible for providing reliable information, as well as for timely updating of the provided data in case of any changes.

3.4. The Company takes reasonable measures to maintain the accuracy and relevance of the available personal data, as well as the deletion of personal data in cases where they are outdated, unreliable or unnecessary, or if the purposes of their processing have been achieved.

4. Confidentiality of personal data

4.1. Access to personal data is restricted in accordance with the requirements of the legislation of the Russian Federation and the Company's internal regulatory documents on personal data processing and protection.

4.2. Employees of the Company who have gained access to personal data assume obligations to ensure the confidentiality of the personal data being processed.

4.3. Access to personal data processed by the Company, on the basis of and in compliance with regulatory legal acts, is provided to government authorities upon request.

4.4. Personal data of personal data subjects may be provided to third parties with the consent of the personal data subject.

4.5. A prerequisite for entrusting the processing of personal data of subjects and/or providing personal data of subjects to third parties is the signing of contracts (agreements) between the Company and third parties that establish obligations to comply with confidentiality and ensure the security of personal data of subjects.

5. Collection of personal data using the website

5.1. When collecting personal data of subjects through the information and telecommunication network Internet, the Company ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of subjects using databases located on the territory of the Russian Federation.

5.2. The subject's consent to the collection and processing of personal data is obtained if the subject provides any personal data using an electronic form on the Company's website.

5.3. The Company's website uses cookies and collects information, including through the use of third-party services Yandex.Metrica and Google Analytics, about users that the Company needs in order to analyze the effectiveness and improve the site's services.

5.4. When visiting the Company's websites, it informs users about the collection and use of cookies.

6. Implemented requirements to ensure the security of personal data

6.1. In order to ensure the security of personal data during their processing, the Company has introduced, operates and undergoes periodic review (control) of the personal data protection system.

6.2. The Company has appointed persons responsible for organizing the processing and ensuring the security of personal data.

6.3. The Company's management is interested in ensuring the security of personal data processed as part of the Company's core business, both in terms of the requirements of regulatory documents of the Russian Federation and in terms of assessing business risks.