3.1. The Company shall process personal ensuring protection of rights and freedoms of personal data subjects, including protection of the right to privacy, personal and family secrets, on the basis of the following principles:
· The principle of legality of purposes and methods of processing personal data;
· The principle of compliance of personal data processing objectives with the purposes predetermined and declared during the collection of personal data, as well as the authority of the Company as a personal data operator;
· The principle of conformity of the volume and nature of personal data processed, as well as the methods of their processing with the declared purposes;
· The principle of ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance to the purposes of personal data processing;
· The principle of inadmissibility of processing personal data redundant to the purposes declared in the collection of personal data.
3.2. The Personal data processing is carried out by the Company on a legal and fair basis. The main legal grounds for processing of personal data include:
· Constitution of the Russian Federation;
· Labour Code of the Russian Federation;
· Civil Code of the Russian Federation;
· Tax Code of the Russian Federation;
· Federal Law of January 10, 2002, No 1-FZ "Concerning Electronic Digital Signatures";
· Federal Law of April 06, 2011, No 63-FZ "Concerning Electronic Digital Signatures";
· Federal Law of July 7, 2003 No. 126-FZ "On Communications";
· Federal Law of 27 July 2006 No. 149-FZ "On Information, Information Technologies and Protection of Information";
· Federal Law of May 04, 2011 No. 99-FZ "Concerning the Licensing of Certain Types of Activity";
· Federal Law of December 6, 2011 No. 402-FZ "On Accounting";
· Federal Law of April 01, 1996 No. 27-FZ "On Individual Personalized Record-Keeping in the Compulsory Pension Insurance System";
· Other laws and regulations in force on the territory of the Russian Federation;
· Articles of Association of the Company;
· Regulations and policies of the Company;
· Contracts of the Company;
· Consent of personal data subjects
3.3. The processing of personal data in the Company is carried out in a mixed way: with and without usage of automation tools.
3.4. The personal data processing actions include: collection, recording, systematisation, gathering, storage, specification, updating, alteration, retrieval, use, transfer, dissemination, making available, access, depersonalisation, blocking, deletion, and destruction of personal data.
3.5. In the course of personal data processing the Company ensures the accuracy of personal data, their sufficiency and relevance in relation to the purposes of processing. If inaccurate or incomplete personal data is found, the Company may initiate a process to rectify and update the personal data. In case updating of personal data is beyond the Company's capabilities, the processing may be suspended until the personal data is updated accordingly. Obligations and liability for timely updating of personal data for specific cases may be established by agreements or local acts of the Company.
3.6. In case the purpose of processing personal data is achieved, the Company immediately stops processing of personal data and shall destroy it within thirty days from the date of achievement of the purpose of processing personal data, unless otherwise provided by the agreement between the Company and the personal data subject.
3.7. In case of revocation by the personal data subject of the consent to the processing of his personal data, the Company shall stop such processing of personal data and destroy personal data within thirty days from the date of receipt of the said recall, unless otherwise provided by the agreement between the Company and the personal data subject.
When processing personal data, the Company shall take the necessary legal, organizational and technical measures to protect the personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.